Description
A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-04-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Potential data exposure via permissive cross‑domain policy
Action: Patch
AI Analysis

Impact

A flaw in the ProxyServer component of farion1231's cc‑switch allows the manipulation of its cross‑domain policy, granting untrusted domains broad access. This can enable an attacker to obtain HTTP responses or data that should be restricted, or to serve malicious content to users. The vulnerability stems from improper handling of policy files and is classified as CWE‑346 and CWE‑942.

Affected Systems

farion1231:cc‑switch, versions up to and including 3.12.3, with the issue residing in src‑tauri/src/proxy/server.rs of the ProxyServer component.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the vulnerability can be triggered remotely. No EPSS score is available, but a public exploit has been released, raising the likelihood that attackers could target affected installations. The vulnerability is not listed in CISA's KEV catalog, but the existence of remote attack capability and a known exploit elevate the immediate risk to users running affected versions.

Generated by OpenCVE AI on April 13, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade farion1231 cc‑switch to a version newer than 3.12.3, where the cross‑domain policy issue has been corrected.

Generated by OpenCVE AI on April 13, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Apr 2026 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Farion1231
Farion1231 cc-switch
Vendors & Products Farion1231
Farion1231 cc-switch

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 02:00:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Title farion1231 cc-switch ProxyServer server.rs cross-domain policy
Weaknesses CWE-346
CWE-942
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Farion1231 Cc-switch
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-13T11:59:30.326Z

Reserved: 2026-04-12T07:56:04.762Z

Link: CVE-2026-6143

cve-icon Vulnrichment

Updated: 2026-04-13T11:59:24.159Z

cve-icon NVD

Status : Deferred

Published: 2026-04-13T02:16:04.783

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-6143

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:53:44Z

Weaknesses